diff --git a/rs/crypto/internal/crypto_service_provider/src/key_id/mod.rs b/rs/crypto/internal/crypto_service_provider/src/key_id/mod.rs index aa59551bb534..f92c7a9d1bf7 100644 --- a/rs/crypto/internal/crypto_service_provider/src/key_id/mod.rs +++ b/rs/crypto/internal/crypto_service_provider/src/key_id/mod.rs @@ -110,17 +110,15 @@ impl From<&CspPublicKey> for KeyId { } } -impl TryFrom<&MEGaPublicKey> for KeyId { - type Error = String; - - fn try_from(public_key: &MEGaPublicKey) -> Result { - match public_key.curve_type() { - EccCurveType::K256 => Ok(KeyId::from(( - AlgorithmId::ThresholdEcdsaSecp256k1, - &public_key.serialize(), - ))), - c => Err(format!("unsupported curve: {c:?}")), - } +impl From<&MEGaPublicKey> for KeyId { + fn from(public_key: &MEGaPublicKey) -> Self { + let alg = match public_key.curve_type() { + EccCurveType::K256 => AlgorithmId::ThresholdEcdsaSecp256k1, + EccCurveType::P256 => AlgorithmId::ThresholdEcdsaSecp256r1, + EccCurveType::Ed25519 => AlgorithmId::ThresholdEd25519, + }; + + KeyId::from((alg, &public_key.serialize())) } } diff --git a/rs/crypto/internal/crypto_service_provider/src/key_id/tests.rs b/rs/crypto/internal/crypto_service_provider/src/key_id/tests.rs index a4170e17d005..8f89c0e2349b 100644 --- a/rs/crypto/internal/crypto_service_provider/src/key_id/tests.rs +++ b/rs/crypto/internal/crypto_service_provider/src/key_id/tests.rs @@ -4,15 +4,6 @@ use ic_crypto_internal_threshold_sig_canister_threshold_sig::{ }; use ic_crypto_internal_types::sign::threshold_sig::ni_dkg::ni_dkg_groth20_bls12_381::FsEncryptionPublicKey; -#[test] -fn should_fail_to_create_key_id_from_mega_key_with_unsupported_curve() { - let mega_public_key = MEGaPublicKey::new(EccPoint::identity(EccCurveType::P256)); - assert_eq!( - KeyId::try_from(&mega_public_key), - Err("unsupported curve: P256".to_string()) - ); -} - mod stability_tests { use super::*; use crate::CspPublicKey; @@ -216,10 +207,26 @@ mod stability_tests { input: MEGaPublicKey::new(EccPoint::generator_h(EccCurveType::K256)), expected: "502da182fa4451163418bb07073182ca280aa4fb1f652b70f5b3b8f1642579cb", }, + ParameterizedTest { + input: MEGaPublicKey::new(EccPoint::generator_g(EccCurveType::P256)), + expected: "2b0a2fc94df2c28de159aeaf65a8d37b4825d17ea9cefad30a7b0db0b99f9e3f", + }, + ParameterizedTest { + input: MEGaPublicKey::new(EccPoint::generator_h(EccCurveType::P256)), + expected: "4cbcdf951ded1c9f8c8fa726677f9f8099f77813e7d6203ae63e1f3934833e52", + }, + ParameterizedTest { + input: MEGaPublicKey::new(EccPoint::generator_g(EccCurveType::Ed25519)), + expected: "2ea594538d5f66037df2ad82f13678f6c09e4d7f1111696f954c8d3eb73bb08a", + }, + ParameterizedTest { + input: MEGaPublicKey::new(EccPoint::generator_h(EccCurveType::Ed25519)), + expected: "1e4d044d7648d96ee5daea1464a0fa07c79b6d32d7d4e392d4c3bdafc5494b26", + }, ]; for test in &tests { assert_eq!( - KeyId::try_from(&test.input).expect("invalid KeyId"), + KeyId::from(&test.input), test.expected_key_id(), "Parameterized test {:?} failed", &test diff --git a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/mod.rs b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/mod.rs index 2e16d3d9934a..767f651c416c 100644 --- a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/mod.rs +++ b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/mod.rs @@ -765,13 +765,7 @@ fn generate_idkg_key_material_from_seed( ) -> Result<(MEGaPublicKey, CspSecretKey, KeyId), CspCreateMEGaKeyError> { let (public_key, private_key) = gen_keypair(EccCurveType::K256, seed); - let key_id = - KeyId::try_from(&public_key).map_err(|e| CspCreateMEGaKeyError::InternalError { - internal_error: format!( - "Failed to create key ID from MEGa public key {:?}: {e}", - &public_key - ), - })?; + let key_id = KeyId::from(&public_key); let csp_secret_key = CspSecretKey::MEGaEncryptionK256(MEGaKeySetK256Bytes { public_key: MEGaPublicKeyK256Bytes::try_from(&public_key) .map_err(CspCreateMEGaKeyError::SerializationError)?, @@ -799,9 +793,7 @@ fn idkg_public_key_proto_to_key_id( internal_error: format!("Error deserializing IDKG public key: {err:?}"), })?; - KeyId::try_from(&mega_public_key).map_err(|error| IDkgRetainKeysError::InternalError { - internal_error: format!("Invalid key ID {error:?}"), - }) + Ok(KeyId::from(&mega_public_key)) }) .collect() } diff --git a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/tests.rs b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/tests.rs index ad76c961e45d..f82fbb066840 100644 --- a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/tests.rs +++ b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/idkg/tests.rs @@ -64,8 +64,7 @@ mod idkg_gen_dealing_encryption_key_pair { .expect("error retrieving public keys") .idkg_dealing_encryption_public_key .expect("missing I-DKG public key"); - let key_id = KeyId::try_from(&generated_public_key) - .expect("valid key ID"); + let key_id = KeyId::from(&generated_public_key); prop_assert_eq!(generated_public_key.curve_type(), EccCurveType::K256); prop_assert_eq!(idkg_dealing_encryption_pk_to_proto(generated_public_key), stored_public_key); @@ -381,7 +380,7 @@ mod idkg_retain_active_keys { ); assert!( vault - .sks_contains(KeyId::try_from(&public_key).expect("invalid key ID")) + .sks_contains(KeyId::from(&public_key)) .expect("error reading SKS") ); } @@ -434,7 +433,7 @@ mod idkg_retain_active_keys { .expect("error retaining active IDKG keys"); for (i, public_key) in rotated_public_keys.iter().enumerate() { - let key_id = KeyId::try_from(public_key).expect("invalid key id"); + let key_id = KeyId::from(public_key); if i < oldest_public_key_index { assert!(!vault.sks_contains(key_id).expect("error reading SKS")); } else { @@ -1328,9 +1327,7 @@ mod idkg_load_transcript { let pk = vault .idkg_gen_dealing_encryption_key_pair() .expect("failed to generate key pair"); - let key_id = self.key_id.unwrap_or_else(|| { - KeyId::try_from(&pk).expect("failed to generate the key id for the MEGA pubkey") - }); + let key_id = self.key_id.unwrap_or_else(|| KeyId::from(&pk)); let pk_proto = idkg_dealing_encryption_pk_to_proto(pk.clone()); let (dealing_bytes, internal_transcript) = self.dealing_bytes_and_internal_transcript(pk_proto, &vault); @@ -1714,9 +1711,7 @@ mod idkg_load_transcript_with_openings { let pk = vault .idkg_gen_dealing_encryption_key_pair() .expect("failed to generate key pair"); - let key_id = self.key_id.unwrap_or_else(|| { - KeyId::try_from(&pk).expect("failed to generate the key id for the MEGA pubkey") - }); + let key_id = self.key_id.unwrap_or_else(|| KeyId::from(&pk)); let pk_proto = idkg_dealing_encryption_pk_to_proto(pk.clone()); let (dealing_bytes, internal_transcript) = self.dealing_bytes_and_internal_transcript(pk_proto, &vault); @@ -1995,11 +1990,10 @@ mod idkg_open_dealing { .expect("failed to generate key pair"); let mut mnsks = MockSecretKeyStore::new(); - mnsks.expect_get().times(1).return_once(move |_key_id| { - tmp_vault.sks_read_lock().get( - &KeyId::try_from(&pk).expect("failed to convert a public key to the KeyId"), - ) - }); + mnsks + .expect_get() + .times(1) + .return_once(move |_key_id| tmp_vault.sks_read_lock().get(&KeyId::from(&pk))); Box::new( LocalCspVault::builder_for_test() @@ -2043,8 +2037,7 @@ mod idkg_open_dealing { let pk = vault .idkg_gen_dealing_encryption_key_pair() .expect("failed to generate key pair"); - let key_id = - KeyId::try_from(&pk).expect("failed to generate the key id for the MEGA pubkey"); + let key_id = KeyId::from(&pk); let pk_proto = idkg_dealing_encryption_pk_to_proto(pk.clone()); let dealing_bytes = self.dealing_bytes(pk_proto, &vault); diff --git a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/mod.rs b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/mod.rs index 60565e926cab..4b40309c6233 100644 --- a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/mod.rs +++ b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/mod.rs @@ -230,12 +230,7 @@ fn compute_idkg_dealing_encryption_key_id( } })?; - let key_id = KeyId::try_from(&idkg_dealing_encryption_pk).map_err(|error| { - ExternalPublicKeyError(Box::new(format!( - "Malformed public key: failed to derive key ID from MEGa public key: {error}" - ))) - })?; - Ok(key_id) + Ok(KeyId::from(&idkg_dealing_encryption_pk)) } fn compute_tls_certificate_key_id( diff --git a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/tests.rs b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/tests.rs index 961d0c71ba95..a8e0a3efe018 100644 --- a/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/tests.rs +++ b/rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/public_and_secret_key_store/tests.rs @@ -1512,8 +1512,7 @@ mod validate_pks_and_sks { } fn idkg_dealing_encryption_key_id_from(idkg_pk: &PublicKey) -> KeyId { - KeyId::try_from(&mega_public_key_from_proto(idkg_pk).expect("invalid public key")) - .expect("invalid public key") + KeyId::from(&mega_public_key_from_proto(idkg_pk).expect("invalid public key")) } fn invalid_public_key() -> PublicKey { diff --git a/rs/crypto/internal/crypto_service_provider/src/vault/test_utils/idkg.rs b/rs/crypto/internal/crypto_service_provider/src/vault/test_utils/idkg.rs index f0304013a16e..08955865cf35 100644 --- a/rs/crypto/internal/crypto_service_provider/src/vault/test_utils/idkg.rs +++ b/rs/crypto/internal/crypto_service_provider/src/vault/test_utils/idkg.rs @@ -23,7 +23,7 @@ pub fn should_generate_and_store_dealing_encryption_key_pair_multiple_times( .expect("missing IDKG public key"), idkg_dealing_encryption_pk_to_proto(public_key.clone()) ); - let key_id = KeyId::try_from(&public_key).expect("invalid key ID"); + let key_id = KeyId::from(&public_key); assert!(csp_vault.sks_contains(key_id).expect("error reading SKS")); assert!(key_ids.insert(key_id)); diff --git a/rs/crypto/src/sign/canister_threshold_sig/idkg/dealing.rs b/rs/crypto/src/sign/canister_threshold_sig/idkg/dealing.rs index c214f31076e5..6b0101014b30 100644 --- a/rs/crypto/src/sign/canister_threshold_sig/idkg/dealing.rs +++ b/rs/crypto/src/sign/canister_threshold_sig/idkg/dealing.rs @@ -3,9 +3,10 @@ use crate::sign::basic_sig::{self, BasicSigVerifierInternal}; use crate::sign::canister_threshold_sig::idkg::utils::{ MegaKeyFromRegistryError, fetch_idkg_dealing_encryption_public_key_from_registry, - key_id_from_mega_public_key_or_panic, retrieve_mega_public_key_from_registry, + retrieve_mega_public_key_from_registry, }; use ic_crypto_internal_csp::api::CspSigner; +use ic_crypto_internal_csp::key_id::KeyId; use ic_crypto_internal_csp::vault::api::{ BasicSignatureCspVault, CspVault, IDkgCreateDealingVaultError, IDkgDealingInternalBytes, IDkgTranscriptOperationInternalBytes, @@ -129,7 +130,7 @@ pub fn verify_dealing_private( IDkgDealingInternalBytes::from(signed_dealing.idkg_dealing().dealing_to_bytes()), dealer_index, self_receiver_index, - key_id_from_mega_public_key_or_panic(&self_mega_pubkey), + KeyId::from(&self_mega_pubkey), params.context_data(), ) } diff --git a/rs/crypto/src/sign/canister_threshold_sig/idkg/transcript.rs b/rs/crypto/src/sign/canister_threshold_sig/idkg/transcript.rs index 0971e784392c..e30b8ec721cf 100644 --- a/rs/crypto/src/sign/canister_threshold_sig/idkg/transcript.rs +++ b/rs/crypto/src/sign/canister_threshold_sig/idkg/transcript.rs @@ -3,9 +3,10 @@ use crate::sign::basic_sig::BasicSigVerifierInternal; use crate::sign::canister_threshold_sig::idkg::complaint::verify_complaint; use crate::sign::canister_threshold_sig::idkg::utils::{ index_and_batch_signed_dealing_of_dealer, index_and_dealing_of_dealer, - key_id_from_mega_public_key_or_panic, retrieve_mega_public_key_from_registry, + retrieve_mega_public_key_from_registry, }; use ic_crypto_internal_csp::api::CspSigner; +use ic_crypto_internal_csp::key_id::KeyId; use ic_crypto_internal_csp::vault::api::{ CspVault, IDkgDealingInternalBytes, IDkgTranscriptInternalBytes, }; @@ -180,7 +181,7 @@ pub fn load_transcript( internal_dealings_bytes, transcript.context_data(), self_index, - key_id_from_mega_public_key_or_panic(&self_mega_pubkey), + KeyId::from(&self_mega_pubkey), IDkgTranscriptInternalBytes::from(transcript.transcript_to_bytes()), )?; let complaints = complaints_from_internal_complaints(&internal_complaints, transcript)?; @@ -246,7 +247,7 @@ pub fn load_transcript_with_openings( internal_openings, transcript.context_data(), self_index, - key_id_from_mega_public_key_or_panic(&self_mega_pubkey), + KeyId::from(&self_mega_pubkey), IDkgTranscriptInternalBytes::from(transcript.transcript_to_bytes()), ) } @@ -292,7 +293,7 @@ pub fn open_transcript( dealer_index, context_data, opener_index, - key_id_from_mega_public_key_or_panic(&opener_public_key), + KeyId::from(&opener_public_key), )?; let internal_opening_raw = internal_opening diff --git a/rs/crypto/src/sign/canister_threshold_sig/idkg/utils.rs b/rs/crypto/src/sign/canister_threshold_sig/idkg/utils.rs index 21a360423b44..cad8c03760b7 100644 --- a/rs/crypto/src/sign/canister_threshold_sig/idkg/utils.rs +++ b/rs/crypto/src/sign/canister_threshold_sig/idkg/utils.rs @@ -3,7 +3,6 @@ mod errors; pub use errors::*; -use ic_crypto_internal_csp::key_id::KeyId; use ic_crypto_internal_csp::keygen::utils::{ MEGaPublicKeyFromProtoError, mega_public_key_from_proto, }; @@ -22,10 +21,6 @@ use std::convert::TryFrom; #[cfg(test)] mod tests; -pub fn key_id_from_mega_public_key_or_panic(public_key: &MEGaPublicKey) -> KeyId { - KeyId::try_from(public_key).unwrap_or_else(|err| panic!("{}", err)) -} - /// Query the registry for the MEGa public key of `node_id` receiver. pub fn retrieve_mega_public_key_from_registry( node_id: &NodeId,